CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2025-15482 | The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 via 'chapa_proceed' WooCommerce API en... | 5.3 | MEDIUM | – | 0 |
| CVE-2025-15508 | The Magic Import Document Extractor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.4 via the get_frontend_settings() function. This make... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-0944 | Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing. This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, fr... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-5504 | A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSS... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-5772 | A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * ex... | 5.3 | MEDIUM | – | 0 |
| CVE-2020-37144 | Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submit... | 5.3 | MEDIUM | – | 0 |
| CVE-2025-47911 | The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HT... | 5.3 | MEDIUM | – | 0 |
| CVE-2025-58190 | The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML c... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-25872 | JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path inp... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39886 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Versions 3.4.0 through 3.4.9 have a signed integer over... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-2055 | A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation c... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-2056 | A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Con... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-2062 | A vulnerability was identified in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_modify_bearer_response/sgwc_sxa_handle_session_modification_response of the component PGW S5U Address H... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-40023 | Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specificat... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-25123 | Homarr is an open-source dashboard. Prior to 1.52.0, a public (unauthenticated) tRPC endpoint widget.app.ping accepts an arbitrary url and performs a server-side request to that URL. This allows an un... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-6778 | Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | 5.3 | MEDIUM | – | 0 |
| CVE-2026-2207 | A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a ... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-32435 | Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Pet Shop: from n/a through <= 1.4.... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-40742 | Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nelio AB Testing: fro... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-23903 | Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The i... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39716 | Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flipmart: from n/a through <= 2.8. | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39712 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection. This issue affects tagDiv Composer: from n/a thr... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39706 | Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Make My Trivia: from n/a through... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39704 | Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access Co... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39701 | Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShopWP: from n/a through <= 5.2.4. | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39698 | Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-ads-txt allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Th... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39694 | Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sim... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39689 | Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eShipper Commerce: from n... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39688 | Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Frontend Profile... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39687 | Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rapi... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39686 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data. This issue affects BSK PDF... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39678 | Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinpoint Booking Sys... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39676 | Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Manager: from n/a ... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39675 | Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Court Reservation: from ... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39672 | Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affect... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39664 | Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Leadrebel: from n/a through <= 1.0.2. | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39662 | Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security L... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39658 | Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Panda... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39657 | Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects leadlovers forms: from n/... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39652 | Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iGMS Direct Booking: from... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39650 | Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UnitechPay: f... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39648 | Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cream Blog: from n/a through <= 2.1.7. | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39644 | Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wp Ultimate Review: from ... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39628 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection. This issue affects DukaMarket: from n/a through <=... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39626 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection. This issue affects Armania: from n/a through <= 1.4.8. | 5.3 | MEDIUM | – | 0 |
| CVE-2026-1722 | The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the pl... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39624 | Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Biolife: from n/a through <= 3.2.3. | 5.3 | MEDIUM | – | 0 |
| CVE-2024-52334 | A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF07). The affected application does not encrypt the passwords properly. This could allow an attacker to recover the ori... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39616 | Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue ... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-39612 | Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects KuteShop: from n/a through <= 4.2.9. | 5.3 | MEDIUM | – | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.